{"id":822,"date":"2024-04-24T17:29:47","date_gmt":"2024-04-24T17:29:47","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=822"},"modified":"2024-09-06T21:30:06","modified_gmt":"2024-09-06T21:30:06","slug":"ca-1-assessment-authorization-and-monitoring-policies-and-procedures","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/assessment-authorization-and-monitoring-ca\/ca-1-assessment-authorization-and-monitoring-policies-and-procedures\/","title":{"rendered":"CA-1: Assessment, Authorization, And Monitoring &#8211; Policies and Procedures"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">CA-1: Assessment, Authorization, And Monitoring &#8211; Policies and Procedures<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: &nbsp;<\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Privacy Baseline:<\/strong> &nbsp;Yes&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By: &nbsp;<\/strong>07\/20\/2023&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: &nbsp;<\/strong>05\/08\/2024&nbsp;<\/h2>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-medium-font-size\"><strong>Purpose &#8211;&nbsp;<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Assessments and monitoring ensure that information security controls are implemented correctly, work as intended, and result in meeting the security requirements for each information resource.&nbsp; Authorization to operate information resources must be controlled to ensure that residual risks are reviewed and accepted 
and to ensure that authorized resources satisfy business needs and comply with security, privacy, and accessibility laws and policies.&nbsp;&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-medium-font-size\"><strong>Scope and Roles &#8211;<\/strong>&nbsp;<\/h2>\n\n\n\n<p>This policy applies to information resources owned or managed by Tarleton State University (Tarleton). The intended audience includes the Tarleton Chief Information Officer (CIO), Chief Information Security Officer (CISO), and information resource owners and custodians.&nbsp;&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-medium-font-size\"><strong>Compliance &#8211;&nbsp;<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Assessment, authorization, and monitoring controls are implemented to ensure compliance with the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code (TAC) <a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=76\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a7202.76<\/a> and Texas A&amp;M University System (TAMUS) <a href=\"https:\/\/policies.tamus.edu\/29-01-03.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Regulation 29.01.03, Information Security<\/a>.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h2 class=\"wp-block-heading 
has-medium-font-size\"><strong>Implementation &#8211;<\/strong>&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>The Tarleton CISO, in coordination with information resource owners, shall develop, document, and disseminate to units a set of controls that addresses the Security Assessment and Authorization for information resources. These controls should:&nbsp;\n<ul class=\"wp-block-list\">\n<li>Address purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and&nbsp;<\/li>\n\n\n\n<li>Be consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>The CISO, or their designee, shall review and update the Security Assessment and Authorization controls as necessary.&nbsp;<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>References\/Additional Resources<\/strong>&nbsp;<\/h3>\n\n\n\n<p><a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=24#:~:text=%C2%A0%C2%A0(2)%20policies%2C%20controls%2C%20standards%2C%20and%20procedures%20that%3A\" target=\"_blank\" rel=\"noreferrer noopener\">1 TAC \u00a7 202.24 (a)(2)<\/a>&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=74#:~:text=%C2%A0(2)%20policies%2C%20controls%2C%20standards%2C%20and%20procedures%20that%3A\" target=\"_blank\" rel=\"noreferrer noopener\">1 TAC \u00a7 202.74 
(a)(2)<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CA-1: Assessment, Authorization, And Monitoring &#8211; Policies and Procedures NIST Baseline: &nbsp;Low&nbsp; Privacy Baseline: &nbsp;Yes&nbsp; DIR Required By: &nbsp;07\/20\/2023&nbsp; Review Date: &nbsp;05\/08\/2024&nbsp; Purpose &#8211;&nbsp;&nbsp; Assessments and monitoring ensure that information &#8230;<\/p>\n","protected":false},"author":62,"featured_media":580,"parent":788,"menu_order":1,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-822","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/kyle-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"kyle"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 2 years ago"},"absolute_dates":{"created":"Posted on April 24, 2024","modified":"Updated on September 6, 2024"},"absolute_dates_time":{"created":"Posted on April 24, 2024 5:29 pm","modified":"Updated on September 6, 2024 9:30 
pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/822","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/62"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=822"}],"version-history":[{"count":0,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/822\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/788"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=822"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}